China hacking Hong Kong protesters’ smartphones, says security firm

By IAN ALLEN | intelNews.org
A mobile telephone security company has said the government of China is probably behind a sophisticated malware designed to compromise the smartphones of protesters in Hong Kong. Ever since the Hong Kong ‘umbrella revolution’ began to unfold, countless reports have referred to the use of smartphone applications as organizing tools by the protesters. According to one account, an application called FireChat was downloaded by more than 100,000 smartphone users in Hong Kong in less than 24 hours. FireChat is said to allow protesters to continue communicating with each other even when their individual devices are unable to connect to a mobile network. But a California-based mobile telephone security firm has warned that the Chinese government could be using such enabling applications to compromise the smartphones of pro-democracy protesters in the former British colony. Lacoon Mobile Security, which specializes in assessing and mitigating mobile security threats, said on Tuesday that it had detected several types of malware camouflaged as mobile phone applications designed to help the protesters organize. In a statement posted on its website, the security firm said that, once downloaded by a smartphone user, the malware gives an outsider access to the address book, communication logs and other private data stored on the unsuspecting user’s device. Lacoon added that what made the malware unusual was that it came in two different versions; one appears to target smartphones that run Apple’s iOS operating system, while the other is designed to compromise phones using Google’s Android software. The company noted that the types of malware that are circulating among Hong Kong protesters were some of the most sophisticated it had ever seen. They made use of a method called mRAT, which stands for multidimensional requirements analysis tool. Among other things, mRAT allows a hacker to take surreptitious pictures using the phone camera of a compromised smartphone. According to Lacoon, the design of the malware in question is so advanced that it is “undoubtedly backed by a nation state”. The company added that the identities of the victims, as well as the details of the servers used to direct the malware, led its engineers to “believe that the Chinese government is behind the attacks”. However, the reputable technology review Ars Technica cautioned on Thursday that it was unclear whether the detected malware was part of a state-sponsored attack. It could be “merely hackers taking advantage of a huge social engineering opportunity” to spread their malicious product, it said. But it concluded that whoever is behind the hacking is both “well-funded and sophisticated”.